<?php
include("../../tools/session.php");
include("../../tools/controls.php");
include("../../tools/pub.php");

// Access guards: stop here when the login check failed or the caller lacks permission.
// $is_login_success is expected to come from the included session/controls helpers;
// anything other than the boolean true is treated as "not logged in".
if ($is_login_success !== true) {
   // presumably redirects to the login page; verify against tools/session.php
   session_hop_page("../index.php");
   exit();
}
if (!power_check(0)) {
   // Render the "no permission" template instead of the page body.
   include("tpl-inc-wp.php");
   $tpl->display($oa_tpl_path . "/no-power.html");
   exit();
}

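/*-- Actual page logic starts here --*/
// page_status is absent when the form is first shown and 1 once it has been submitted.
$page_status = isset($_POST["page_status"]) ? $_POST["page_status"] : null;
if (!$page_status)
{
   // First visit: render the password-change form.
   include("tpl-inc-wp.php");
   $tpl->display($oa_tpl_path . "/default/password_setting.html");
}
// The password-change form was submitted.
// NOTE(review): no anti-CSRF token is checked in this file; confirm whether the
// included session helpers enforce one before this state-changing branch runs.
elseif ($page_status == 1)
{
   include("../../tools/mysql.php");
   db_connect();

   // Accept only plain string fields; a missing or array-valued field is treated as "".
   $fields = array();
   foreach (array("old_pwd", "new_pwd", "renew_pwd") as $key)
   {
      $fields[$key] = (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : "";
   }
   $old_pwd = $fields["old_pwd"];
   $new_pwd = $fields["new_pwd"];
   $renew_pwd = $fields["renew_pwd"];

   // Reject an empty (whitespace-only) new password.
   if (trim($new_pwd) === "") { echo $alert_str[1]; exit(); }
   // Strict comparison: with "!=" two different numeric strings such as "1e3" and
   // "1000" compare equal, so a mistyped confirmation could slip through.
   if ($new_pwd !== $renew_pwd) { echo $alert_str[2]; exit(); }

   // Request data must never be concatenated into SQL. The passwords are hashed in
   // PHP, so only a 32-character hex digest reaches the statement, and the session
   // user id is forced to an integer.
   // Assumes the stored hashes were produced from the same bytes PHP receives (no
   // magic quotes, no connection charset conversion) - TODO confirm.
   // NOTE(review): unsalted MD5 is not a suitable password hash. Moving to
   // password_hash()/password_verify() needs a migration of the stored values, so
   // the storage format is left unchanged here.
   $user_id = (int) $_SESSION["user"]["id"];
   $old_hash = md5($old_pwd);
   $new_hash = md5($new_pwd);

   // Verify the current password before allowing the change.
   $sql = "SELECT count(id) num FROM user WHERE password='" . $old_hash . "' AND id=" . $user_id;
   $re = db_query_once($sql);
   if (!$re || (int) $re["num"] === 0) { echo $alert_str[0]; exit(); }

   // Store the new password hash and report/log the outcome.
   $sql = "UPDATE user SET password='" . $new_hash . "' WHERE id=" . $user_id;
   $log_str = array("修改 ID 号为 " . $user_id . " 的用户密码成功！", "密码修改失败！");
   echo check_status_write_to_log(db_exec($sql), $log_str, FALSE);
}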
?>
